Open CVEs: 11
Exploited: 0
KEV: 0
Unpatched: 0
No Workaround: 0
Internet-facing: 6
Why this provider is risky now
This provider has 11 open CVE(s) in the last 14 days. 6 affect internet-facing services. 1 impacts the management/identity plane.
Mgmt / Admin Plane: 1
Internet-facing: 6
Top Risky CVEs
CVE-2026-39842 (Act Now)
Remote code execution as root in OpenRemote IoT platform's rules engine (versions prior to 1.20.3) allows authenticated non-superuser attackers with write:rules role to execute arbitrary Java code via unsandboxed JavaScript rulesets. The vulnerability stems from Nashorn ScriptEngine.eval() executing user-supplied JavaScript without ClassFilter restrictions, enabling Java.type() access to any JVM class including java.lang.Runtime. Attackers can compromise the entire multi-tenant platform, steal c
Remediation:
- Within 24 hours: Inventory all OpenRemote deployments and document current versions; restrict the write:rules role to trusted superuser accounts only and disable the rules engine if possible.
- Within 7 days: Test the upgrade path to OpenRemote 1.20.3 or later in a non-production environment; implement network segmentation to limit rules engine access.
- Within 30 days: Complete the upgrade of all production OpenRemote instances to version 1.20.3 or later; audit logs for any rules created by non-superuser accounts since deployment; validate that tenant isolation is functioning post-patch.
Tags: Edge exposure, ICT dependency, Patched
Why flagged?
NIS2 Relevant:
- CRITICAL severity
- Internet-facing (CWE-94: Code Injection)
- Third-party ICT: Docker, PostgreSQL, Apple
- Moderate evidence (PoC / elevated EPSS)
DORA Relevant:
- CRITICAL severity
- ICT provider: Docker (Dev Platforms & CI/CD)
- ICT provider: PostgreSQL (Databases & Data Platforms)
- ICT provider: Apple (Operating Systems)
CVSS: 9.9
EPSS: 0.1%
Priority: 50
CVE-2026-33439 (Act Now)
Remote code execution in OpenIdentityPlatform OpenAM 16.0.5 and earlier allows unauthenticated attackers to execute arbitrary OS commands via unsafe Java deserialization of the jato.clientSession HTTP parameter. This bypass exploits an unpatched deserialization sink in JATO's ClientSession.deserializeAttributes() that was overlooked when CVE-2021-35464 was mitigated. Attackers can target any JATO ViewBean endpoint with <jato:form> tags (commonly found in password reset pages) using a PriorityQue
Remediation:
- Within 24 hours: Identify all OpenAM deployments and document version numbers; verify whether any are running 16.0.5 or earlier.
- Within 7 days: Apply the vendor-released patch to OpenAM 16.0.6 or later (GitHub commit 014007c or a subsequent stable release); test in a staging environment first.
- Within 30 days: Conduct post-patch verification; review authentication logs for suspicious jato.clientSession parameter activity; implement network-level monitoring for JATO ViewBean endpoints.
Tags: Edge exposure, ICT dependency, Patched
Why flagged?
NIS2 Relevant:
- CRITICAL severity
- Internet-facing (CWE-502: Deserialization of Untrusted Data)
- Third-party ICT: Docker, Oracle Database, Apple
- Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant:
- CRITICAL severity
- ICT provider: Docker (Dev Platforms & CI/CD)
- ICT provider: Oracle Database (Databases & Data Platforms)
- ICT provider: Apple (Operating Systems)
CVSS: 9.3
EPSS: 0.1%
Priority: 47
CVE-2026-39860 (Act Now)
Local privilege escalation in Nix package manager daemon (versions prior to 2.34.5/2.33.4/2.32.7/2.31.4/2.30.4/2.29.3/2.28.6) allows unprivileged users to gain root access in multi-user Linux installations. Incomplete fix for CVE-2024-27297 permits symlink attacks during fixed-output derivation registration, enabling arbitrary file overwrites as root. Attackers exploit sandboxed build registration by placing symlinks in temporary output paths, causing the daemon to follow symlinks and overwrite sensitive system files with controlled content. Affects default configurations where all users can submit builds. No public exploit identified at time of analysis.
Remediation:
- Within 24 hours: Identify and inventory all systems running Nix versions prior to 2.34.5, 2.33.4, 2.32.7, 2.31.4, 2.30.4, 2.29.3, or 2.28.6 using 'nix --version'.
- Within 7 days: Apply the vendor-released patches to upgrade to Nix 2.34.5 (or 2.33.4, 2.32.7, 2.31.4, 2.30.4, 2.29.3, or 2.28.6, depending on the current branch).
- Within 30 days: Conduct an access review of multi-user Nix installations and audit build logs for unauthorized fixed-output derivation submissions during the window of vulnerability exposure.
Tags: ICT dependency, Patched
Why flagged?
NIS2 Relevant:
- CRITICAL severity
- Third-party ICT: SUSE, Apple
- Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant:
- CRITICAL severity
- ICT provider: SUSE (Infrastructure & Virtualization)
- ICT provider: Apple (Operating Systems)
CVSS: 9.0
EPSS: 0.0%
Priority: 45
CVE-2026-33092 (This Week)
Local privilege escalation in Acronis True Image for macOS enables authenticated low-privileged users to gain elevated system privileges through improper environment variable handling. Affects Acronis True Image OEM (macOS) versions prior to build 42571 and Acronis True Image (macOS) prior to build 42902. Attackers with existing local access can achieve complete system compromise (high confidentiality, integrity, and availability impact). No public exploit identified at time of analysis. Exploitation requires low attack complexity with no user interaction.
Remediation:
- Within 24 hours: Identify all macOS systems running Acronis True Image OEM (versions prior to build 42571) and Acronis True Image (versions prior to build 42902) using endpoint management tools.
- Within 7 days: Deploy Acronis True Image OEM build 42571 or later, and Acronis True Image build 42902 or later, to all affected endpoints via your patch management system.
- Within 30 days: Audit system access logs on all previously affected systems for unauthorized privilege escalation and verify successful patch deployment across the entire fleet.
Tags: ICT dependency, Patched
Why flagged?
NIS2 Relevant:
- HIGH severity
- Third-party ICT: Apple
- Strong evidence (KEV / high EPSS / multi-source)
DORA Relevant:
- HIGH severity
- ICT provider: Apple (Operating Systems)
CVSS: 7.8
EPSS: 0.0%
Priority: 39
CVE-2026-40191 (This Month)
ClearanceKit for macOS prior to version 5.0.4-beta-1f46165 fails to validate destination paths in dual-path file operations (rename, link, copyfile, exchangedata, clone), allowing authenticated local processes to bypass file-access protection and place or replace files in protected directories. The vulnerability affects all versions before 5.0.4-beta-1f46165 and has been patched; no public exploit code or active exploitation has been identified at the time of analysis.
Tags: Edge exposure, ICT dependency, Management plane, Patched
CVSS: 6.8
EPSS: 0.0%
Priority: 34
CVE-2026-3861 (This Month)
CVSS: 6.5
EPSS: 0.0%
Priority: 33
CVE-2026-39862 (This Month)
Remote code execution in Tophat mobile testing harness prior to 2.5.1 allows authenticated network attackers to execute arbitrary commands on a developer's macOS workstation via unsanitized URL query parameters passed directly to bash. The vulnerability affects any developer with Tophat installed, with commands executing under the user's permissions and no confirmation dialog for previously trusted build hosts. This was fixed in version 2.5.1.
Tags: Edge exposure, ICT dependency, Patched
CVSS: 6.3
EPSS: 0.5%
Priority: 32
CVE-2026-39844 (This Month)
CVSS: 5.9
EPSS: 0.1%
Priority: 30
CVE-2026-5895 (This Month)
CVSS: 5.4
EPSS: 0.0%
Priority: 27
CVE-2026-5898 (This Month)
CVSS: 4.3
EPSS: 0.0%
Priority: 22
By Exposure
Internet-facing: 6
Mgmt / Admin Plane: 1
Identity / Auth: 1
Internal only: 5
By Exploitability
Known exploited: 0
Public PoC: 0
High EPSS (>30%): 0
Remote unauthenticated: 5
Local only: 3
By Remediation
Patch available: 11
No patch: 0
Workaround available: 4
No workaround: 0
Affected Services / Product Families
Apple: 11 CVE(s)
+ 1 more